客户端A:192.168.2.108
客户端B:192.168.2.106需求:实现A机器免密登陆B机器
一、机器A 生成密钥
# 生成密钥
[root@f8d300636950 .ssh]$ ssh-keygen
# 结果
Generating public/private rsa key pair.
Enter file in which to save the key (/root/.ssh/id_rsa): # 回车
Created directory '/root/.ssh'.
Enter passphrase (empty for no passphrase): # 回车
Enter same passphrase again: # 回车
Your identification has been saved in /root/.ssh/id_rsa.
Your public key has been saved in /root/.ssh/id_rsa.pub.
The key fingerprint is:
The key's randomart image is:
+--[ RSA 2048]----+
| |
| |
| |
| . . |
| S . . |
| . . . ....|
| o o..+o|
| . . *o=E|
| .+@**|
+-----------------+
二、机器A 传送公钥文件到 机器B
authorized_keys
authorized_keys 是linux 操作系统下,专门用来存放公钥的地方,只要公钥放到了服务器的正确位置,并且拥有正确的权限,你才可以通过你的私钥,免密登录linux服务器
# 查看
[root@f8d300636950 .ssh]$ ll -a
-rw------- 1 git git 1679 11月 14 14:40 id_rsa # 私钥
-rw-r--r-- 1 git git 390 11月 14 14:40 id_rsa.pub # 公钥
# 拷贝公钥文件到机器B上面 /home/devops/.ssh 目录(这里会自动生成authorized_keys文件)
[root@f8d300636950 .ssh]$ ssh-copy-id devops@192.168.2.106
# 结果
ECDSA key fingerprint is SHA256:JQ9/i6M0oHGJa0xN7Sy6RZjg+WMV4BdpGNWJ7Axl/DI.
ECDSA key fingerprint is MD5:3e:6a:95:6b:e5:7c:e6:9b:93:f3:e0:3d:73:89:42:ad.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
devops@192.168.2.106's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'devops@192.168.2.106'"
and check to make sure that only the key(s) you wanted were added.
默认的文件是 id_rsa,如果生成指定的私密钥文件按下列方法操作,如果默认的话就跳过这一步
1、生成指定的私密钥文件
# 生成
ssh-keygen -f docker-ssh -C "devops@192.168.2.106"
# 查看
[root@f8d300636950 .ssh]# ll
-rw------- 1 root root 1679 May 20 05:33 docker-ssh
-rw-r--r-- 1 root root 402 May 20 05:33 docker-ssh.pub
2、增加 config 文件
[root@f8d300636950 .ssh]# cat config
Host 192.168.2.106
Port 22
User devops
IdentityFile ~/.ssh/docker-ssh
3、复制文件
# 非 22 端口需要加 -p
[root@f8d300636950 .ssh]# ssh-copy-id -i docker-ssh.pub devops@192.168.2.106
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "docker-ssh.pub"
The authenticity of host '192.168.2.106 (192.168.2.106)' can't be established.
ECDSA key fingerprint is SHA256:JQ9/i6M0oHGJa0xN7Sy6RZjg+WMV4BdpGNWJ7Axl/DI.
ECDSA key fingerprint is MD5:3e:6a:95:6b:e5:7c:e6:9b:93:f3:e0:3d:73:89:42:ad.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
devops@192.168.2.106's password:
Number of key(s) added: 1
Now try logging into the machine, with: "ssh 'devops@192.168.2.106'"
and check to make sure that only the key(s) you wanted were added.
三、机器B 查看授权文件
[root@kvm113 .ssh]# ll /home/devops/.ssh
-rw------- 1 devops devops 402 5月 20 05:34 authorized_keys
[root@minikube .ssh]# cat authorized_keys
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJ/SWScalect3if5F0zo8xgOwuZOAcolxl3UQ7OzJSTZZpxB/qw5zDSvedCJOBWILPhoQbovNKWm+KQVFsB5u1FXTqI+oLqJdrERSTn6pnXqjgCKL6CFnkj3sSV/71j74/QtWMV69Cs9qSgzNW4rdpieZPVB9ETeQPWCo8uipdWT6RmGqpcWxv9/rCuXoNMtmezgRb31Erim1Ov4kTMbryA+NbdUT8vOhkQ9v+tsMHwJwZSV4+aVgTIfM26fTDG0Lxs+Fq4AdEB65bHDjikVNVMOfR4t0vGwDIKcVcLCbCOAbKXyQ8TVDjtYW4E3Q33nWlq81E0G+k5qO+p/yGIsdF root@f8d300636950
四、免密登陆(不用输入密码)
[root@f8d300636950 .ssh]# ssh devops@192.168.2.106
Last login: Thu May 20 05:30:44 2021 from 192.168.2.108